Appl . No . 

Prelim. Amdt . dated October 18, 2004 

Amendments to the Claims : 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1. (original) An intrusion detection system for detection of intrusion or attempted 
intrusion by an unauthorised party or entity to a computer system or network, the intrusion 
detection system comprising means for monitoring activity relative to said computer system or 
network, means for receiving and storing one or more general rules, each of said general rules 
being representative of characteristics associated with plurality of specific instances of intrusion 
or attempted intrusion, and matching means for receiving data relating to activity relative to said 
computer system or network from said monitoring means and for comparing, in a semantic 
manner, sets of actions forming said activity against said one or more general rules to identify 
an intrusion or attempted intrusion. 

2. (original) An intrusion detection system according to claim 1, wherein said one or 
more general rules forms a knowledge base of the system, and wherein the system comprises 
means for automatically generating and storing in said knowledge base a new general rule 
representative of characteristics associated with specific instances of intrusion or attempted 
intrusion not previously taken into account. 

3. (original) An intrusion detection system according to claim 2, wherein said means 
for automatically generating and storing a new general rule comprises inductive logic 
programming means. 

4. (currently amended) An intrusion detection system according toclaim_3 any one 
of the preceding claims , wherein said one or more general rules is or are represented in a logic 
programming language. 

5. (original) An intrusion detection system according to claim 3, wherein inductive 
logic programming techniques are applied by the system to an attack an intrusion or attempted 
intrusion. 

6. (original) An intrusion detection system for detection of intrusion or attempted 
intrusion by an unauthorised party or entity to a computer system or network, the intrusion . 
detection system comprising means for monitoring activity relative to said computer system or 

network, means for initially receiving and storing a knowledge base comprising one or more f 
general rules, each of said general rules being representative of characteristics associated with i 
a plurality of specific instances of intrusion or attempted intrusion, and means for automatically 
generating and storing in said knowledge base (after said knowledge base has been initially 
stored) new general rules representative of characteristics associated with specific instances of 
intrusion or attempted intrusion not previously taken into account. 
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7. (original) An intrusion detection system for detection of intrusion or attempted 
intrusion by an unauthorised party or entity to a computer system or network, the intrusion 
detection system comprising means for monitoring activity relative to said computer system or 
network, means for initially receiving and storing in a knowledge base data representative of 
characteristics associated with one or more specific instances or classes of intrusion or attempted 
intrusion, matching means for receiving data relating to activity relative to said computer system 
or network from said monitoring means and for comparing sets of actions forming said activity 
against said stored data to identify an intrusion or attempted intrusion, and inductive logic 
programming means for updating said stored data to take into account characteristics of further 
instances or classes of intrusion or attempted intrusion occurring after said knowledge base has 
been initially received and stored. 

8. (canceled) 

9. (new) An intrusion detection system according to claim 1, wherein said one or 
more general rules is or are represented in a logic programming language. 

10. (new) An intrusion detection system according to claim 2, wherein said one or 
more general rules is or are represented in a logic programming language. 
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